Solution providers and vendors say they are not alarmed by a study that finds security flaws in the Wired Equivalent Privacy (WEP) algorithm for wireless LANs (WLANs).
According to the study the WEP algorithm, which is a part of the 802.11 standard, is vulnerable to passive and active attacks. Hackers can attack 40-bit and 128-bit versions of WEP with off-the-shelf equipment. Users should not rely solely on WEP, according to the study, which was conducted by Nikita Borisov, Ian Goldberg and David Wagner at the University of California at Berkeley.
Vendors say they rely on more than just WEP to secure their WLAN products.
"I don't think any of the wireless vendors believed a single approach to security was going to be sufficient," says Damon Hopley, senior product manager of wireless solutions at Enterasys Networks.
Enterasys, 3Com and Cisco Systems offer VPN products for added security. Enterasys combines security products such as VPN solutions or firewalls to customers' portfolios depending on their security needs, Hopley says.
3Com also layers security depending on what the customer needs, says John Drewry, director of business development and product management for the company's wireless connectivity division.
Vendors and solution providers agree the research project was not a common hack.
There are easier ways to crack a company's network, says Eric Feldman, network sales executive at Computer Network Solutions, an integrator in Plainview, N.Y. "This is real geek stuff," he says.
Feldman says he is more worried about easier break-ins through methods such as passwords written on monitors or people sharing log-in accounts. "They are far more deadly than an obscure hack like this," he says.
Richard White, an analyst at Aberdeen Group, says the study should benefit the development of the 802.11 standard by encouraging program developers to strengthen the standard's level of security. Since 802.11 is a new and developing standard, these concerns can be addressed as the standard evolves, White says.
